Hello Folks, I am new to fleet and just configured it on a public DNS. Added a Linux and windows host. Linux worked fine but got some issues for windows host. The first error is

detail_query_network_interface expected single result, got 0

and the second error is software data is not reflecting on the fleet software dashboard and displays the below error in the logs.

{"component":"service","err":"detail_query_network_interface expected single result, got 0","method":"IngestFunc","ts":"2022-12-15T11:58:41.396213187Z"}
{"hostID":1,"level":"error","message":"distributed query is denylisted","query":"fleet_detail_query_software_windows","ts":"2022-12-15T11:58:41.396500965Z"}
{"err":"failed","level":"error","op":"directIngestSoftware","ts":"2022-12-15T11:58:41.396717347Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in HP Development Company, L.P. - SoftwareComponent - 8.10.28.1","ts":"2022-12-15T11:58:41.400430479Z"}

The last line of the above error

KB id not found

displays the same for all the available softwares on that machine. currently I use v4.23.0.

Hi @Swakhil! Couple of questions: 1. re `detail_query_network_interface`: Maybe you can run the following live query on the host to check why Fleet is getting 0 results:

select
    ia.address,
    id.mac
from
    interface_addresses ia
    join interface_details id on id.interface = ia.interface
    join routes r on r.interface = ia.address;

1. re

fleet_detail_query_software_windows

being denylisted: Do you happen to have Python packages installed on the Windows host? (If not, what kind of software does it have installed? how many users does the host have?) 2. re

directIngestWindowsUpdateHistory

: I'll open an issue for this. It seems the title of that particular Windows Update doesn't contain the KB number?...

Hi @Lucas Rodriguez, Tried running the query on the host, but nothing was returning. Finally, Installed latest version v4.24.1 which worked perfectly fine. The software data and network details are visible on the individual host page.

Any idea on updating websockets on nginx server for fleet to communicate?

check this out https://www.nginx.com/blog/websocket-nginx/ https://www.serverlab.ca/tutorials/linux/web-servers-linux/how-to-configure-nginx-for-websockets/

Thank you @Swakhil, from below code snippet

location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;

      proxy_pass <http://ws-backend>;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
  }

For proxy_pass: should we add our fleet FQDN?

example:    proxy_pass <http://FLEET_FQDN>;

It should be the upstream server that the request should be forwarded to. Not sure of how you have configured the fleet.

Osquery_host ------> nginx proxy (http ---> https) --------> fleet docker listening on 8080, 3 hosts

I have configured it through fleet binary, not sure of deploying through docker compose. I can see that you are trying to run fleet on 8080 but nginx is listening on port 443. You can try configuring it on 443 with key & cert path and proxy_pass with fleet fqdn.

Sure, yeah I will try it in sometime, should I try configuring 443 on fleet binary/docker itself?

It is upto you, if you want to run on https, I found binary would be simple. just directly passing the parameters to fleet binary like below

./fleet serve \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=fleet \
  --mysql_username=root \
  --mysql_password=test@001 \
  --redis_address=127.0.0.1:6379 \
  --server_address=0.0.0.0:443 \
  --server_cert=/etc/ssl/cert-key/server.cert \
  --server_key=/etc/ssl/cert-key/server.key \
  --osquery_result_log_plugin=stdout \
  --osquery_status_log_plugin=stdout \
  --logging_json

Okay, you have directly exposed it to run on 443, good. that should not overwrite or cause trouble removing default 8080 right?

yes

Thank you, I will try it and update you on this in 2 hours

Tried running the query on the host, but nothing was returning. Finally, Installed latest version v4.24.1 which worked perfectly fine.

@Swakhil So the issue was resolved by updating?